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Abstract 


This paper was written to document the design and implementation of the KidCQ prototype tracking system which 
could help in locating abducted children. KidCQ places an emphasis on protecting the privacy of children. Strong 
protective mechanisms have been incorporated to prevent fraudulent use of this tracking system. 


1 KidCQ Overview 


The KidCQ prototype is a child tracking system with a strong 
focus on protecting the child’s privacy. Essentially this paper 
goes beyond presenting another tracking system and focuses 
on describing a set of protective mechanisms that are used to 
prevent system abuse and protect children wearing a tracker. 

With the above assertion in mind, the first ’rule” of the 
KidCQ system, is that only the Police may activate a KidCQ 
tracking device. The device itself is quite simple, it is a pas- 
sive device that listens to a designated frequency for an acti- 
vation code. If an activation code is received and proved to 
be authentic, then the device will enter a beacon mode, trans- 
mitting a tone on a designated frequency so that authorities or 
ham operators may Radio Direction Find (RDF) the device. 

Police authorities are the only group capable of generat- 
ing KidCQ activation codes, this is a primary concept of the 
the KidCQ system that is thoroughly discussed in the follow- 
ing sections with the aid of technical implementation details 
and source code samples. 

Parents also play a key role in activating a KidCQ track- 
ing device. Activation Codes are tailor made for each device 
using a unique serial number. Before Police can generate an 
Activation Code, the parents of the missing child must give 
Police the serial number of their child’s KidCQ tracker. 

Once the serial number has been used to generate the ac- 
tivation code, the code must be broadcast over a designated 2 
meter frequency until a tone from the sought KidCQ device 
can be heard. At which point RDF techniques can be used to 
pinpoint the device and the missing child. 

Transmitting the activation code, searching for a signal, 
and RDFing the tracking device are all key areas where Ham 
radio expertise would be required by Police. The KidCQ sys- 
tem relies fundamentally on the emergency preparedness of 
the amateur radio community and our long standing tradition 
of providing communication services during times of emer- 
gency. An abducted child is just such an emergency. 


The KidCQ system requires very close collaboration be- 
tween Police, parents and the amateur community. The 
system would only be used within the context of a life- 
threatening emergency, similar in scope to the activation re- 
quirements of the well known Amber Alert program. 


1.1. Technical Overview 


The tracking device will not transmit any information about 
the child’s location until it is activated by the Police. In order 
for Police to activate the child’s tracker, the parents must first 
provide the police with the serial number of their child’s de- 
vice at which point the Police can generate an activation code 
using a special KidCQ smart card. 

Once an activation code has been generated for the child’s 
tracking device, it is broadcast using the APRS protocol on a 
designated 2 meter frequency. 

All KidCQ devices are listening to this frequency for an 
APRS based KidCQ activation messages addressed specif- 
ically to them. When a message is received, the device 
evaluates the message, and if an authentic activation code is 
present, the device will transmit a beacon tone on 2 meters. 

The activation code is discussed in further detail later, but 
it is important to note that activation codes are generated and 
authenticated using a form of cryptography known as digital 
signatures. The legitimacy of experimenting with this tech- 
nique as a Ham radio operator is also discussed in sections 
below. 

For now, the reader is asked to take it on faith that se- 
cret encrypted messages are not being transmitted on Ama- 
teur bands. A device that receives a digitally signed activa- 
tion code, will immediately verify that the code is authentic 
and was produced by Police. At which time, the device will 
begin actively broadcasting a beacon tone where RDF tech- 
niques can be used to track the device. 

The ability to generate an activation code is restricted to 
Police using smart cards. A smart card is similar to a banking 
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card. It is made mostly of plastic and has the same form fac- 
tor as the wallet sized credit card. And like a bank card, the 
owner is required to have the card in-hand and have knowI- 
edge of a secret Personal Identification Number (PIN) in order 
to do anything useful. 

While smart cards look like a typical magnetic strip credit 
card, in the KidCQ prototype system, the smart card is actu- 
ally a smal] computing device with a processor and internal 
memory'. When the card is inserted into a reader, power is 
supplied and the user interacts with the card using a PC that 
is attached to the smart card reader. A Police officer inputs a 
PIN and a KidCQ device serial number, the smart card pro- 
cesses the request and sends back an activation code. The 
smart card has secret information that it uses to generate the 
activation code. However, the activation code itself is not a 
secret, aS anyone can read, validate and understand its mean- 
ing. 
Much of the security of the KidCQ system is dependent 
on keeping information in the smart card private and con- 
trolled, so what happens if a KidCQ smart card is stolen along 
with the PIN? This is a valid concem, as a single KidCQ card 
literally holds the key to the entire system. The key is just a 
piece of data, but if it is divulged then the system is broken. 

The system is also broken if someone who steals the card, 
never actually sees the secret data, but is able to use the card 
to make an infinite number of activation codes starting at se- 
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1.2 Police Officer: Generating an Activation Code 


rial number | and working their way up. 

To mitigate this risk, each KidCQ smart card can produce 
a maximum of 5 activation codes. This small fixed number 
of uses, allows for a search to be conducted for a child who 
may be wearing one of many possible tracking devices. The 
intention however, is that one smart card is used for one ab- 
duction search before it must be replaced. After the card has 
been used up, it erases it’s internal memory and wipes out the 
secret data that is used to create KidCQ activation codes. 

Limiting the use of the smart cards allows Activation 
Code creation to be controlled beyond simply trusting local 
police departments not to lose the card. Human nature will 
allow for more than one card to be lost or possibly stolen. 
Keeping low the number of code generations that can be per- 
formed by a single card will decrease the impact of losing a 
smart card in the field. 

A smart card is like a small computer, it can perform com- 
putations and store small amounts of data, but most impor- 
tantly it is self contained. Cryptographic calculations are per- 
formed on card with keys that are stored on card. This is very 
useful for keeping the KidCQ cryptographic keys a secret, Po- 
lice can use the key to make an activation code, but they can 
never see the key or divulge its value. 

Also, removing the secret keying data from the smart card 
is not an easy task. Any physical attempts to open” the card 
will typically destroy it. 
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Figure 1: KidCQ Activation Code Data-flow 


1.2 Police Officer: Generating an Activation 
Code 


With the serial number in hand, a Police officer inserts a 
KidCQ smart card into a reader that is connected to a com- 
puter. A windows application as shown in figure 2 screen- 
shots is used to interface with the smart card in the reader. 


‘but no power supply 


The screenshots show two input fields, one for entering the 
PIN that will unlock the smart card, and a second field for en- 
tering the KidCQ device serial number for which an activation 
code is required. Once the Generate Code button is pressed, 
both pieces of information are sent to the smart card where 
the PIN will be confirmed and if the PIN is valid an activation 
code for will be returned for the specified serial number. 
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It is important to note that the activation code is not calcu- 
lated on the computer, and that the program in the screen shots 
is only an interface to the smart card where the real computa- 
tion takes place. Details about the smart card implementation 
are described in section 3 below. 

At the bottom of the program window is a boxed off sec- 
tion called ’Smart Card Status” that is used to display state 
information queried from the smart card. This box will tell 
the user if the wrong smart card is plugged in, if a the KidCQ 
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1.3. Ham Operator: Transmitting the Code with APRS 


smart card has expired due to failed login attempts or if the 
card is inactive due to over use. 


Also present in the screen shot is a button titled “load 
smart card firmware”. This button was added for the purpose 
of prototype development and for easier demonstrations it is 
a convenient short cut for loading firmware to the card and 
initializing the card with a static serial number and prototype 
keying data. 
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Figure 3: Program To Broadcast KidCQ Activation Message 


1.3 Ham Operator: 
with APRS 


Once an activation code has been generated by the police (see 
figure 2), it can be handed over to Ham radio operators for 
broadcasting on the designated KidCQ 2 meter frequency. 

To broadcast the activation code, a Ham operator is re- 
quired to have a PC, a TNC and a transmitter. Since the 
KidCQ activation message is wrapped in an APRS packet, a 
Ham is also required to have software capable of transmitting 
the APRS based activation message. 


Transmitting the Code 


The prototype system uses the kidcq_transmit application 
shown in figure 3 to wrap the activation code in a custom 
APRS message. The KidCQ APRS message is specified in 
Appendix A: KidCQ protocol specification. 


The kidcq-transmit program broadcasts the message by 
interfacing with a KISS mode TNC over the COMI serial 
link on the windows platform. The operator must enter the 
activation code provided by police as well as their callsign 
and APRS digipeater aliases list. 


KidCQ makes use of APRS aliases to propagate and filter 
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the packet. 


1.4 Direction Finding the Device 


Direction finding a device that is emitting an RF signal is a 
distinct topic in itself. There is an entire sub-culture of Hams 
that practice tracking down rogue transmitters for sport. And 
techniques range from complex distributed triangulation of 
signals using using APRS? to lone Hams that home into a 
signal using a directional antenna. The later is presented as 
an example using a simple dipole. 

It is easier to use the null (or end) of a simple dipole to 
determine the direction from which the signal is coming from 
than to use the main lobes of the dipole. This is advantageous 
since the null on a dipole has a narrow beam width and can be 
rotated and moved around until a signal can barely be heard. 
The spot at which the signal strength is at its weakest should 
position the dipole so that it is pointing to the source of the 
signal. Circling around the area of the potential signal source 
will confirm the position of the signal if the dipole is always 
pointing to the centre of the circle. 

For the KidCQ prototype it was decided that a beacon 
transmitter operating in the 2m band would be used. The 
main reason for choosing this band was because most Hams 
own equipment and can operate in the 2m band. Also, it is 
much easier to RDF in the 2 meter band due to the fact that 
there are fewer reflections than in higher frequencies. 

Choosing 2 meters has its drawbacks, it is a lot more chal- 
lenging to design hardware within the constraints of a device 
that must be carried by a child. Most of the available? low 
power consumption ICs that can be found, operate in the 800- 
900 MHz band. And certainly receiver and transmitter ICs 
greatly impact size and practicality of any tracking device. 
But none the less, time and money can solve the problem 
of making a small tracker. The KidCQ prototype presents 
a proof of concept system that guards privacy. 


2 Cryptography and Digital Signa- 
tures 


Secure data communication can be a confusing topic. To help 
with the discussion of cryptography, two fictional characters 
Alice and Bob are introduced. Alice and Bob would like to 
communicate with each other over an untrusted, non-secure 
channel. 

Now, in the case of ham radio, we are not so concerned 
with communicating secrets. In fact, this is an illegal use of 
our privilege. However, it may be the case that we would like 
to prove the identity of the person with whom we are com- 
municating. So long as the information communicated is not 
secret, we are operating within the legitimacy of our license. 

This section presents both methods of secure communi- 
cation with Alice and Bob being used to illustrate. 


1.4 Direction Finding the Device 


In symmetric key cryptography, both Alice and Bob share 
a single key. If Alice wants to send a secret message to Bob, 
Alice will encipher the message with their shared key, send 
the resulting cipher text to Bob who will use the same shared 
key to decrypt the message and read the plain text. Now, it’s 
extremely important to note, that in this short scenario, both 
Alice and Bob are not acting as ham radio operators since this 
method of enciphering can only be used to send secret mes- 
sages. And sending secret messages over amateur bands is 
strictly prohibited. 

Symmetric key cryptography is typically what we think 
of when we hear stories of the allied code breakers versus the 
Japanese and German code machines of World War 2. Keep 
in mind that all of the secrecy provided by symmetric key 
cryptography is dependent on a single shared key, and that the 
two communicating parties must know the key value and must 
agree on the key value at some point before using it. This type 
of ”key management” has some inherent problems, after all, 
during WWII keys were not always discovered by allied code 
breakers, sometimes they were acquired by boarding enemy 
submarines or during special operations behind enemy lines. 
With this in mind, the second type of encryption, public key 
cryptography is next presented. This method of cryptography 
does not rely on a single shared secret key. 


In 1976, Whitfield Diffie and Marty Hellman introduced 
a new method of enciphering, referred to today as Public Key 
Cryptography. Let’s say Alice wants to send a secret message 
to Bob using public key cryptography. Bob will first produce 
a ’Key Pair’ consisting of a Public Key and a Private Key. 
These two keys are mathematically related, however it is con- 
sidered extremely hard to deduce or calculate the Private key 
from the Public one. Bob’s Public key is published in a phone 
book, or something equivalent that Alice knows she can trust, 
and Bob keeps his private key secret to himself. If Alice wants 
to communicate with Bob, she will first lookup Bob’s public 
key in the phone book, and use it to encrypt her message to 
Bob. Here’s the important part: the math behind public key 
cryptography ensures that Alice (or anyone else) can encrypt 
a message for Bob, but only Bob can decrypt the ciphertext 
using his Private key. So even though Alice encrypted a mes- 
sage for Bob, she is not able to decrypt her own message, only 
Bob can decrypt the ciphertext message. 


As with symmetric key encryption, public key encryption 
is illegal for hams to use over the air. In fact, any time we use 
the word “encryption” it is a safe bet that we are talking about 
data secrecy, something that is strictly off limits to Ham radio 
operators. So why are we discussing encryption within this 
paper at all? 

It turns out that there is a unique property of public key 
cryptography that can be twisted to make it both legal and 
useful within ham radio. In the example above, Alice en- 
crypts a message with Bob’s public key producing ciphertext 
that only Bob can decrypt with his Private key. Consider what 
would happen if instead, Bob used his private key to encrypt a 
message So that anyone could read the message by decrypting 


2PocketAPRS for the palm pilot, has triangulation features built in for this purpose. 
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it with Bob’s public key. In this case, we have a coded mes- 
sage that is public, where anyone who wants to read the mes- 
sage can do so and everyone knows that the message could 
only have originated from Bob. Bob has just created a digital 
signature. 


A digital signature is a piece of data that is appended to a 
message and calculated using a person’s private key. Anyone 
who reads the message can verify that the message originated 
from the proposed sender, by verifying the signature using the 
sender’s public key. This method of ’encryption” does not in- 
volve any message secrecy, since anyone can read the original 
message, and anyone with the public key can decrypt/verify 
the digital signature portion of the message. 


The fact that digital signatures are not used to make a mes- 
sage secret is very important when used in the context of Ham 
radio. In Canada, Hams are governed by the Radio Commu- 
nications Act. The regulations of that act state that? : 


Communications with Radio Apparatus in the Amateur 
Radio Service 


[SOR/2000-78, s. 8] 


47. A person who operates radio apparatus in the 
amateur radio service may only 


(a) 


communicate with a radio station that operates 
in the amateur radio service; 


(b) use a code or cipher that is not secret; and 


(c) be engaged in communication that does not 


include the transmission of 


(i) 


music, 
(ii) commercially recorded material, 


(iii) programming that originates from a 
broadcasting undertaking, or 


(iv) radiocommunications in support of industrial, 
business or professional activities. 
SOR/2000-78, s. 9. 


The wording is extremely important, note that the reg- 
ulations do not state codes and ciphers can not be used, it 
specifically states that codes and ciphers may not be used for 
secrecy. 


The bases for this presentation of encryption, digital sig- 
natures and the Radio Communications Act is to justify 
KidCQ’s use of digital signatures in its customized APRS 
based communications protocol. KidCQ requires the trans- 
mission of digitally signed messages, and countries that allow 
codes and ciphers to be transmitted over the air for purposes 
other that data secrecy, will allow experimentation with the 
KidCQ protocol. 


4Notice item 47(b) 


3 Protecting Children with Smart 
Cards 


The purpose of using a smart card to dole out activation codes 
is ultimately to protect children from fraudulent use of the 
KidCQ System. The entire system teeters on the premise that 
only a police officer can make an activation code that will 
be used to enable a device that tracks a child. Underneath 
the covers, this restriction is made possible by the fact that 
the KidCQ cryptographic private key remains a secret. If the 
private key is compromised, stolen, or accidentally divulged 
then anyone who knows the private key can generate their 
own valid KidCQ activation codes. 

The more people that know a secret, the more likely that 
secret will be compromised. By using a smart card, access to 
the private key can be given to a police officer but the private 
key will never be revealed. The smart card has a small amount 
of internal memory and is capable of performing computa- 
tions, all it requires from the outside world is a small amount 
of power and some input data to operate on. By performing 
all cryptographic signing operations on the smart card, the 
private key can remain safe within the card and never be di- 
vulged. 

Other protective mechanisms are implemented on the 
smart card as well. If a user of the card enters the wrong 
PIN too many times, the card will consider the user a threat 
to the KidCQ system and destroy its copy of the private key. 
Also, the card is of limited use and after successfully gen- 
erating a limited number of activation codes, the card will 
erase the private key. The justification for this action is that 
a legitimate police officer can easily obtain another KidCQ 
activation card, but a thief can not. If someone were to steal 
a KidCQ smart card, the damage that could be done through 
fraudulent use of the card is limited to the generation of 4 or 
5 activation codes. 

Not all smart cards are made equal. In essence, a smart 
card is an integrated circuit (IC) embedded in a piece of plas- 
tic, that has the form factor of a standard size credit card. The 
first difference people notice about a smart card is the serial 
interface connector that is about the size of a fingernail and 
can be seen on the top of the card. 

Generally speaking, a smart card can be a variety of spe- 
cialized circuits from a small piece of flash memory to a small 
computer capable of computations. However, one of its defin- 
ing properties is that a smart card does not have its own power 
source, nor does it have a human interface. A smart card must 
be inserted into a reader terminal so that it can receive power 
and communicate with a user. 

The KidCQ system uses a special type of smart card 
called a JavaCard. JavaCards are flash programmable and na- 
tively capable of some sophisticated mathematical routines 
commonly used in cryptographic algorithms. As one would 
suspect, you program a JavaCard using a subset of the Java 
programming language. This subset is defined in the JavaC- 
ard specification that is maintained by Sun Microsystems. 

While Sun defines the programmer interface for JavaC- 
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ards, these smartcards are manufactured and sold by compa- 
nies that specialize in smartcard technologies. For example, 
ST microelectronics manufactures smart card ICs and will 
embed them in a plastic credit card package. A company like 
Axalto, will contract a company like ST microelectronics to 
mask the smart card ICs with special program code during 
the manufacturing process. Axalto would then sell these cus- 
tomized smart cards in the marketplace with it’s own brand- 
ing, such as ’’Cyberflex Access” JavaCards. 

The KidCQ activation card is a Cyberflex Access JavaC- 
ard. This card natively supports all of the cryptographic op- 
erations required to generate an activation code, so program- 
ming the card is relatively easy, the only thing that must be 
implemented is a communication protocol and a simple state 
machine. All of the cryptographic math comes for free. 

As an example, the following code snippet is used on the 
smart card to generate the activation code. All of the func- 
tion calls in this code sample are part of the native JavaCard 
Application Programming Interface (API), meaning that no 
other low level crypto programming was required to generate 
the activation code. 


// Create Shal digest object. 

digest = MessageDigest.get Instance ( 
MessageDigest .ALG_SHA, 
false) ; 


// Create an RSA Private Key object. 

// Fill it in later. 

priv_key = (RSAPrivateKey) KeyBuilder.buildkKey ( 
KeyBuilder.TYPE_RSA_PRIVATE, 
KeyBuilder.LENGTH_RSA_1024, 
false); 


// Create an RSA signature object. 

signature = Signature.get Instance ( 
Signature.ALG RSA_SHA_PKCS1, 
false); 


// Signature object is in sign (not verify) mode 
// using the specified private key. 
signature.init (priv_key, Signature.MODE_SIGN) ; 


Private void genSig(APDU apdu) { 
byte buffer[) = apdu.getBuffer(); 


// Check state of the card is not in HALT. 

if (state != STATE NORMAL) { 
ISOException.throwIt (SW_WRONG_STATE) ; 

} // if 

pin.reset (); 

// Check Usage Count. 

if (usage_count == 0) 
ISOException.throwIt (SW_USAGE_EXPIRED) ; 


} // if 


// get the incomming user data. 


short readLen = apdu.setIncomingAndReceive () ; 
short offset = ISO07816.OFFSET_CDATA; 


// Validate Pin. 

if (!pin.check(buffer, offset, (byte) 0x04)) { 
ISOException. throwIt (SW_WRONG_PIN) ; 

} 


offset += 4; 


// Inialize Activation Code Buffer with 0's 
Util.arrayFillNonAtomic(act_code, (short) 0, 
(short) 256, (byte) 0x00); 


// Copy this Smart Card’s serial number to 

// first 3 bytes of the activation code. 

Util.arrayCopy(sc_id, (short)0, act_code, 
(short)0, (short)3); 


// Copy the 5 bytes of Device Serial number 
// sent to the card by the user, to the 
// activation code buffer. 


Util.arrayCopy(buffer, (short)offset, act_code, 
(short)3, (short)5); 

// Hash the two serial numbers. 

digest.reset (); 

digest.doFinal{act_code, (short) 0, (short) 8, 
digestBuffer, (short) 0); 


// Generate the signature. Append it to the 
// Activation Code. Will be 128 bytes in size. 
try { 


signature.sign(digestBuffer, 
{short) 20, 


(short) 0, 
act_code, (short) 8); 


} catch (CryptoException el) { 


// Decrement Usage Count. 
usage count -= 1; 


// Concatinate data and signature and return. 
apdu.setOutgoing(); 


apdu.setOutgoingLength((short) (128 + 3 + 5)); 


// Send the Activation Code back to the user. 
apdu.sendBytesLong(act_code, (short)0, 
(short) (128 +3+5)); 


} // genSig() 


The beginning of this code sample shows how the digest, 
key and signature objects are instantiated. This code is ex- 
ecuted when the program is flashed to the smartcard. These 
objects maintain their state on the smart card until the pro- 
gram is deleted or re-flashed. 

The genSig() smart card function in the sample above is 
called when the user attempts to generate an activation code. 
For example, when a user inserts the smart card into a reader 
and uses the Police Activation Code Generator Windows ap- 
plication. 

From looking at the source sample, it is important to note 
how the activation code is actually generated. When the user 
asks for an activation code for a particular KidCQ device's 
serial number, the device serial number and the serial number 


5The serial number of the smart card is assigned to the card at the same time as when the KidCQ private key is injected. 
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of the smart card are placed into a buffer, the buffer is hashed 
and signed using the KidCQ private key. The signature is ap- 
pended to the buffer and finally the buffer is returned to the 
user as the activation code. 

This process effectively fingerprints each activation code 
being generated by a KidCQ smart card and so any activation 
code can be traced back to the police agency that owns the 
smart card. 

The full KidCQ JavaCard program listing is approxi- 
mately 80 percent larger than the code snippet that is shown. 
Most of the remaining code was written to handle data com- 
munications with the host PC at the other end of the smart 
card terminal. The rest of the program also implements the 
state machine for the card that is presented below in figure 5. 

The smart card does not have the KidCQ private key when 
the program is first flashed to the card. The private key is in- 
jected into the card at a later time, and this is reflected in the 
smart card’s state machine. The intention of this feature is to 
isolate the card manufacturing process from having to know 
the private key. By separating key injection out of this pro- 
cess, it leaves the possibility for some group, possibly federal 
police, to handle key injection and card distribution. 

The state machine also shows how failed PIN attempts 
and card usage affects the state of the card. When either of 
these counters reach 0, the card enters a HALT state where 
the private key is erased and the card will no longer respond 
to code generation requests. In the prototype, each of these 
counter values are initialized to 5, so the user only has 5 at- 
tempts to correctly enter the PIN, and the card will only gen- 
erate 5 activation codes. 


4 Transmitting the Activation Code 
using APRS 


In order to activate a child’s KidCQ device, the digitally 
signed activation code must be delivered over the air. This is a 
Ham experimental project with one of the primary goals being 
to take advantage of existing Ham infrastructure. Naturally 
TNC based transmission of AX.25 packets on the 2m band 
was selected for a delivery method. However, a quick glance 
at the KidCQ protocol in the appendix will reveal that KidCQ 
activation messages are also wrapped in custom APRS mes- 
sages. 

APRS was used for a number of important reasons. The 
first being the wide proliferation of the protocol within the 
amateur community. Hams that do not care to investigate 
packet radio have most likely seen an APRS node in action. 
So it is much easier to communicate the nature of a KidCQ 
message by saying that it is simply a special APRS message 
type instead of explaining unconnected AX.25 packets. 

There are good technical reasons for employing APRS as 
a delivery mechanism, such as the use of APRS digipeater 
aliases. Piggybacking KidCQ messages on the APRS proto- 
col and infrastructure means that the benefits of packet prop- 
agation using aliases like RELAY, WIDE and IGATE can 
be acquired for free. Also, if KidCQ ever grows beyond 


a prototype system then transmission of KidCQ activation 
messages can easily be integrated into the numerous existing 
APRS software packages, taking advantage of existing proto- 
col stack implementations. 

As noted earlier, the KidCQ protocol specification is in- 
cluded as an appendix to this paper. 


5 KidCQ Device Prototype 
5.1 Hardware Design 


While small size and low power consumption are not the fo- 
cus of the KidCQ prototype, it was considered important to 
present a relatively small device with minimal power con- 
sumption using existing components from the amateur com- 
munity where possible. For the purposes of experimentation 
and prototyping the KidCQ device is adequate but certainly 
not complete. Ideally, a future development project for a real 
KidCQ device will be to shrink the design by using surface 
mount parts and ICs with ultra low power consumption. 

The device as it is, performs the following functions (refer 
to the block diagram in Appendix C figure 4: 


e The receiver gets the signal and passes it to the TNC-X. 


e The TNC-X takes the signal and divides it into APRS 
packets. 


e These packets are passed on to the TNC-X’s daughter 
board, which is a custom made for the KidCQ applica- 
tion. 


e If the daughter board finds that the information con- 
tained in the packet is the activation code that this par- 
ticular device is looking for, and the code validates, it 
sets a high signal on pin #2 of the picI8f252. 


e The high on pin #2 tums on the beacon transmitter. 
This same high signal is used to turn off the receiver 
since the receiver and the beacon transmitter use the 
same antenna for their operation. 


A 1 KHz tone was chosen for the the beacon transmitter 
since it was a frequency that could be heard by the human ear. 
The tone is generated by a MAX038 chip using a sine wave. 
A simple oscillator would have worked just as well, however 
the MAX038 was what was lying around the workshop and it 
helped save on experimentation and integration time. 


5.2 TNC-X and KidCQ Daughter Board 


The KidCQ child device prototype uses John Hanson’s TNC- 
X board to transmit packets over the air. The TNC-X has 
been extended using the daughter board interface to include 
a second PIC microcontroller to process incoming packets. 
The second PIC is a model pic18f252 that was selected for its 
increased RAM and 8x8 bit multiplier. 

A KidCQ digital signature is a very big integer value and 
it takes 128 bytes to store this value. In order to verify an 
RSA digital signature, this 128 byte integer value must be 


13 


14 


5 KIDCQ DEVICE PROTOTYPE 


cubed and reduced by a modulus defined in the public key. 
i.e. Keep dividing the cubed number by the public key num- 
ber until there is only a remainder. 

So the signature is 128 bytes long, the public key is 128 
bytes long, and multiplying two 128 byte numbers together 
will potentially result in a 256 byte number. Most of the PIC 
16 series chips have less than 512 bytes of RAM. Without 
some very expensive and sophisticated memory paging op- 
erations, a Pic 16 series chip can not store all of the required 
data. Also, pic!6 chips do not have a multiply operation mak- 
ing exponentiation of large integers extremely time consum- 
ing. 

In order to handle the number crunching requirements of 
an RSA signature verification, the KidCQ prototype uses the 
more expensive Picl8 series chips, specifically the pic! 8f252 
model that includes 1.5 kB of RAM and an 8x8 bit multiplier. 
This microcontroller has enough RAM to store the public key, 
digital signature, incoming packet and still meet the mathe- 
matical scratch space requirements of the signature verifica- 
tion algorithm. Also, the 8x8 bit multiply operation allows 
a 128 byte integer to be cubed and reduced in a reasonable 
amount of time. Tests during prototype development have 
shown that a signature can be verified on the order of 20-25 
seconds. 


5.3 KidCQ PIC18 Program 


The KidCQ program will be described in this section with a 
top down approach, starting with the main routine. The pro- 
gram begins by waiting for a KISS packet from the TNC-X 
on the UART communication port of the picl8f252. As de- 
scribed above, there are many protocol wrappings in between 
the KISS message and a KidCQ activation code. Essentially 
the program tries to filter messages that are not KidCQ at the 
first opportunity that is presented while processing each pro- 
tocol layer. 

The following code snippet was taken from the KidCQ 
Picl8’s program. It is written in C and the CSS PCH com- 
piler is being used: 


void kidcq_receive(KIDCQ_RSA_TYPE *kidcq) { 
int8 packet {AX25_PACKET_LEN] ; 
int8 packet_len; 
intl rv = 0; 


while (rv == FALSE) { 
packet_len = AX2S_PACKET LEN; 
kiss_receive (packet, &packet_len) ; 


rv = ax2S_process(packet, &packet_len); 
if (rv == FALSE) { 
continue; 


} // if 


rv = aprs_process(packet, packet_len, kidcQ); 
if (rv == FALSE) { 
continue; 
} // it 
} // while 
} // kideq_xeceive () 


5.3. KidCQ PIC18 Program 


Here we loop (forever), processing incoming packets and 
removing the KISS and AX.25 protocol wrappings. The func- 
tion call tree is kept flat, meaning that each of the functions 
above, like ax25_process, wil) avoid making any further func- 
tion calls with the packet and where possible, packets are pro- 
cessed in place to avoid "blowing the stack”. Each packet is 
upwards of 135 bytes and so balancing code readability and 
memory limitations can be tricky at times. Fortunately the 
CSS compiler that was used in this project is a big help for 
managing available memory. Once a valid KidCQ message is 
received and parsed, the resulting data is stored in the follow- 
ing structure: 


typedef struct { 


//Device serial number 
int8 cld_sn[CLD_SN_SIZE] ; 


//Police card serial number 
int8 police_sn[POLICE_SN_SIZE] ; 


//Digital signature 
int8 signature [RSA_SIZE] ; 


} KIDCQ_RSA_TYPE; 


This filled structure is passed back up to the main routine 
after one final validity check. The device serial number that 
was transmitted with the message is compared to the Serial 
Number that is statically embedded in the program® 

Upon returning to the main routine with a KidCQ activa- 
tion message, the program will next try to validate the signa- 
ture using the KidCQ public key that is also statically embed- 
ded in the program code. Refer to Appendix B for a listing of 
the KidCQ RSA public key. 

As mentioned above, the main routine uses this public key 
to verify the signature in the KidCQ message: 


//NOTE: CLD stands for Child Location Device. 


void main() { 
int8 message [8]; 
int8 digest {20}; 
KIDCQ_RSA_TYPE kidcaQ; 
intl valid = FALSE; 
fprintf (DEBUG, “started...\r\n"); 
// used to filter KidCq messages for this 
// device only. 
memepy (kidCQ.cld_sn, CLD_SN, CLD_SN_SIZE); 


while (!valid) { 
// listen to the TNC-X for a KidCq message. 
kideq_receive (&kidcQ) ; 


// concatenate the serial numbers of device 
// and police smart card. 

memcpy (message, kidCQ.police_sn, 3); 

memcpy (&message [3], kidCQ.cld_sn, 5); 


6 Admittedly, statically embedding the device serial number in the program code does not lend well to scalability, but for the purposes of a prototype it is 
more convenient to re-flash the PIC than to create some special serial number provisioning application. 


6 NEXT STEPS 


// Hash the serial numbers, the digest will 
// be compared to that of the signature. 
shal_final(message, 8, digest); 


// “Decrypt" the signature, and compare the 

// @igest. 

valid = rsa_verify(g_M, g_m_prime, 
g_R_cubed_mod_m, 
kidcCQ.signature, 
digest); 


} // while 


// Enable the RF beacon. 
output_high(PIN_A0}; 


} // main() 


First the device serial number and police smart card serial 
number are concatenated and fed into a hashing function. The 
resulting digest is fed into the RSA signature verifier along 
with the public key and the signature that was sent over the 
air.’ The signature verifier will *decrypt” the signature using 
the public key, and compare the decrypted digest to the digest 
that was passed into the verifier from the main routine. 


5.4 Signature Verification in a PIC18 


An RSA signature verification is calculated by treating the 
digital signature as a very large integer. Cube the signature, 
and find the remainder after dividing by the Public Key®. The 
remainder is compared to the message being verified. If they 
are the same, than the signature was successfully verified. 

The RSA verification engine consists of two components, 
the high level RSA verifier, and the big integer arithmetic unit. 
Both pieces of code have been built for this prototype from 
scratch since the need for big integer math on a PIC is not 
very common. 

The custom big integer math library contains the follow- 
ing functions: 


void multiply_1_n(int8 x, int y[], int8 y_len); 
void add_n_n(ints x(], ints y{], inté len); 
void subtract_n_n(ints8 x{], int8 y[], int8 len); 


int8 compare_n n({ints x{], ints y(], int8 len); 
mUl, 

x{], ints yl], 
m_prime, ints Al], 
buffer[], int8 len); 


void MontgomeryProduct (int8 
ints 
ints 
ints 


In the functions above, the parameter len determines 
how many bytes long an integer array is and so the maximum 
integer value would be calculated using the formula 2 * (8 * 
len). Most of these functions are standard grade school arith- 
metic algorithms, albeit operating in a base 256 radix. The 
last function MontgomeryProduct() is an implementation of 
Montgomery Multiplication, ° which is a time optimized mul- 
tiplication algorithm that will multiply 2 big integers, inter- 
leaving reduction steps (i.e. the modulo operation) through- 
out the algorithm such that the number of discrete operations 


5.4 Signature Verification in a PIC18 
required to multiply and reduce two large integer values is 
reduced. 


#define LEN 129 
#define KEYSIZE 128 


intl rsa_verify(int8 public_modulus[], 


int8 m_prime, 
int8 R_cubed_mod_m[], 
int8 signature[), 
ints digestI[}) { 

int8 i = 0; 

int8 A[KEYSIZE + 2]; 


ints 
ints 
ints 


A2 [KEYSIZE + 2]; 
scratch_space [KEYSIZE + 1]; 
comp_sig; 


MontgomeryProduct (public_modulus, 
signature, 
signature, 
m_prime, 

A, 
scratch_space, 
LEN) ; 


// Shorten the A buffer for the next op. 
for (i=0;i<LEN-1;i++) { 

Ali] = Afi+2]; 
} // for 


MontgomeryProduct (public modulus, 
A, 
signature, 
m_prime, 
R2, 
scratch_space, 
LEN) ; 


// Shorten the A2 buffer for the next op. 
for (i=0;i<LEN-1;i++) { 

A2[i] = A2(i+2); 
} // for 


MontgomeryProduct (public_modulus, 
A2, 
R_cubed_mod_m, 
m_prime, 
A, 
scratch_space, 
LEN) ; 


// A should have the decoded signature. 
comp_sig = 


compare_n_n(&A[KEYSIZE + 2 - 20], 
digest, 20); 


if (comp_sig == COMPARE_EQUAL) { 
return TRUE; 
} else { 
return FALSE; 
} // if 
} // rea_verify() 


6 Next Steps 


The RSA algorithm is not well suited for this application. It 
was chosen for the KidCQ prototype because it is very easy 


7The g-R.cubed_mod_m parameter is some static pre-computation on the public key to help speed up signature verification. 


8 Actually the modulus component of the public key. 


9the reader is referred to "Handbook of Applied Cryptography”, Menezes et al. for a complete description of the algorithm. 
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to implement. However, KidCQ will need to move away from 
RSA because of the following: 


e Currently a 1024-bit RSA key is being used to produce 
a digital signature that takes up 128 bytes of space in an 
AX.25 packet. The signature expands further if a base- 
91 printable version is used in the APRS protocol. This 
is very large and is not scalable given KidCQ device 
constraints. 


e An RSA key size of 4096-bits would be required to 
meet the requirements for a production KidCQ system. 
An RSA signature based on a 4096-bit key would be 
too large for the AX.25 protocol and current PIC tech- 
nology. Over a 1200 baud TNC radio link, it is unlikely 
a complete error free message could be sent given the 
proposed KidCQ operating environment. 


e The RSA signature scheme is classified as a signature 
scheme with message recovery”. In short this means 
that an implementation can easily be reversed and used 
as a form of encipherment. Because of this, anything 
that implements an RSA based signature scheme is ex- 
port controlled by the Canadian and US government. 


To make activation codes smaller, KidCQ will need to 
adopt a new digital signature scheme. Elliptic curve cryptog- 
raphy (ECC) is a very promising crypto-system. The ECDSA 
signature algorithm would also address any export issues, 
since the algorithm does not have message recovery and can 
not be used for secrecy. 

Crypto-systems aside, the KidCQ prototype needs to be 
further tested with emphasis on field testing. Improvements 


must also be made to the design, to get the device as small 
and power conscious as possible. 
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8 Appendix A: KidCQ Protocol Specification 


8.1 AX.25 APRS Frame 


Refer to APRS specification, section 3. 


Flag 1 Ox7E AX.25 Flag 


Field Size Value Description 


Destination Address 7 APZ525 | Experimental APRS version designation. This will need to 
be changed if system proliferates. 
Source Address 7 callsign | 6 character callsign and optional SSID of operator. 


Flag AX.25 Flag 
8.2. APRS Message Type 


Digipeater Address 7-56 | *, KIDCQ | Normal APRS digipeater list, last digipeater address must 


be KIDCQ. 
Control Field 1 0x03 UI Frame. 
Protocol ID 1 OxFO No layer 3 protocol. 


Information Field 1-256 | sd] APRS user defined information defined below. 


FCS | 2 | | Field Check Sequence. 


Inside the AX.25 Information Field is an APRS User-Defined Data Object. See the APRS specification, section 18. 


APRS Data Type ID 
User ID 


Description 
APRS Data Type Identifier. | 
Experimental User ID. Will need to be assigned a unique 
user id if system proliferates. 

[KIDCQ Message «| Max 263[ | Defined below. 


8 APPENDIX A: KIDCQ PROTOCOL SPECIFICATION 8.3 Pseudo Base-91 Ascii Encoding 


8.2.1 KIDCQ RSA Printable Message Type (Message Type = r) 


[Size |Description SOS—SC‘C;C~S~S~S 
Police Serial Number 4 3 byte, pseudo base-91 ascii encoded, Police smart card 

eecroeeny tele eel| serial number that generated the activation code. 

RSA Signature 158 | 128 byte, pseudo base-91 ascii encoded, RSA Digital Sig- 

nature. 


8.2.2 KIDCQ RSA Binary Message Type (Message Type = a) 


| Size | 
CLD Serial Number | 5 | Serial number of the tracking device. 
Police Serial Number Police smart card serial number that generated the acti- 


vation code. 


RSA Signature 128 | RSA Digital Signature. 


8.2.3 KIDCQ RSA Public Key Message Type (Message Type = 1) 


Transmitting a digital signature over the air could be mis-construed as data secrecy or encipherment. During experimentation, 
the public key used to verify the signature may not be widely available and someone who receives a signature message will 
not be able to verify the signature. 

To ensure that KIDCQ messages are not perceived as encrypted messages during experimentation (where the public key is 
not widely known) it is strongly recommended that the public key is broadcast intermittently with digital signature messages. 
Adhering to this method will ensure that anyone who hears the KIDCQ digital signature message will be able to verify the 
signature with the over the air broadcasted public key. 

"Field | Size | Description SSCS~—s 
[Exponent |_+ | RSA Public Key Exponent (integer value of 3 for now). 
[Modulus [128 [| RSAModuus. Cd 


8.3 Pseudo Base-91 Ascii Encoding 


The nominal method for computing the base-9] encoding of integers, according to chapter 9 of the APRS specification, is to 
continuously reduce the n-byte integer value modulo 91 to produce a base-91 encode byte stream. 

This method works fine for small! integer values, however the RAM and processing requirements for big integers is too 
great for a PIC microcontroller that must decode the base-91 integer encoding. So for the large integers within this message, 
a slightly less space efficient version of the base-91 encoding is used. 

1 base-91 byte can represent a 6 bit integer. Normally a ’byte” is an 8 bit integer, so a single base-91 byte is not enough 
to encode a single integer byte. Using 2 base-91 bytes to represent a single integer byte (similar to Hex encoding) is very 
wasteful on space, since an n byte integer will expand to n*2 bytes. 

It turns out that two (2) base-91 bytes can represent a 13 bit integer. So for larger integers, every 13 bits will be encoded 
into 2 base-91 bytes. So N bytes will be encoded into ceiling(N * 16/ 13) base-91 bytes. 

This will allow the PIC to decode the big integers in small pieces and avoid the time consuming big integer math. 


8.3.1 Encoding Example 


Encode the 3 byte integer : (hex) OxF4 0x24 0x00, (integer) 16,000,000. 
The binary representation of the integer 16,000,000 is: 
111101000010010000000000 
pad the left side of the binary value with 0’s until size(binary int) mod 13 = 0. 
00111101000010010000000000 
This gives 2 13-bit integers: 
0011110100001 = 1953 and 0010000000000 = 1024 
Notice that 1953 * 2 * 13 + 1024 = 16,000,000. 
And perform base 91 encoding on these 2 integer values, as described by the APRS specification in section 9. 
1953 / 91 = 21 remainder 42 
1024 / 91 = 11 remainder 23 
So following a decimal to hex conversion, the pseudo base-91 integer value will be encoded as: 
(21 + 33), (42 + 33), (11 + 33), (23 + 33) = 0x36, 0x4B, 0x2C, 0x38 
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8.3.2 Decoding Example 


Decode the following 4 bytes into an integer value: 0x36, 0x4B, 0x2C, 0x38. 


Subtracting the decimal value 33 from each of the above bytes gives the decimal values, 
21, 42, 11, 23 

Now convert to 2 13-bit integer values: 

(21 * 91) + (42) = 1953 

(11 * 91) + (23) = 1024 

Finally, concatenate the bits to produce a decimal integer: 

(1953 * 2 * 13) + (1024) = 16,000,000 


9 Appendix B: KidCQ RSA Public Key 


Exponent 
0x03 


Modulus 

OxC2, OxFB, OxE3, OxCl, Ox68, Ox6E, 0x9B, 0x49, OxB2, OxBl, Ox3A, OxDA, 0x87, 
0x80, OxE8, 0x44, 0x22, OxXAB, OxEE, 0x66, 0x94, Ox7E, Ox9D, OxCl, 0x25, OxC9, 
0x96, OxDS5, OxD6, OxBS, OxA6, 0x86, Ox0C, 0x39, Ox74, 0x81, OxB7, Ox4E, Oxé6C, 
0x62, 0x13, Ox6D, OxCA, OxF3, OxDB, Ox8E, OxBS, Ox9F, Ox6C, Ox3B, OxFC, 0x75, 
0x70, 0x42, OxES, 0x46, Ox4C, Ox3A, 0x95, Ox4F, 0x50, OxEA, 0x85, 0x11, OxES, 
0x68, OxCS, 0x69, Ox8D, Ox6D, OxD1, 0x26, OxE2, 0x97, OxEA, Ox0D, 0x68, OxEB, 
OxF8, OxEE, 0x89, OxSA, 0x84, Ox8C, 0x36, OxCF, OxAS, OxB8, Ox0E, OxDS5, 0x43, 
0x17, OxCB, Ox55, OxE2, OxEE, 0x77, 0x79, OxBF, Ox8C, 0x09, 0x79, Ox6S, OxCF, 
OxFC, OxB9, Ox44, Ox3F, OxA6, OxD3, Ox2E, 0x41, Ox9C, OxAO, OxF1, OxF4, 0x98, 
Ox6C, OxCA, 0x59, OxEO, 0x53, OxDE, OxCl, Ox7A, 0x64, OxE6, OXxES5 


10 Appendix C: KidCQ Design Diagrams 


144.100 MHz 


cay AP 


1 KHz tone 


Figure 4: KidCQ Prototype Device Block Diagram 
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Figure 5: KidCQ Smart Card State Machine 
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Figure 6: TNC-X KidCQ Daughter Board Design 
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